From 71085c3fa13f74a9d45ec471aed06ef6871442c9 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jul 2020 04:24:46 +0000 Subject: [PATCH 1/7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- libconfuse.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libconfuse.spec b/libconfuse.spec index 8a78407..273d2b3 100644 --- a/libconfuse.spec +++ b/libconfuse.spec @@ -1,6 +1,6 @@ Name: libconfuse Version: 3.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A configuration file parser library License: ISC @@ -81,6 +81,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/confuse %changelog +* Tue Jul 28 2020 Fedora Release Engineering - 3.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Thu Jun 25 2020 Gwyn Ciesla - 3.3-1 - 3.3 From 5d9ed037ef1edafca77ab4c5b8a5e89f62a5edec Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Tue, 5 Jan 2021 01:36:10 +0000 Subject: [PATCH 2/7] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- libconfuse.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/libconfuse.spec b/libconfuse.spec index 273d2b3..d2e4c4f 100644 --- a/libconfuse.spec +++ b/libconfuse.spec @@ -10,6 +10,7 @@ Source0: https://github.com/martinh/libconfuse/releases/download/v%{version}/con BuildRequires: gcc BuildRequires: check-devel, pkgconfig BuildRequires: perl-interpreter +BuildRequires: make %description libConfuse is a configuration file parser library, licensed under From 1d701b38550c54b7fca5a0d2e23618301924bd4d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 26 Jan 2021 16:49:53 +0000 Subject: [PATCH 3/7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- libconfuse.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libconfuse.spec b/libconfuse.spec index d2e4c4f..ea01f4b 100644 --- a/libconfuse.spec +++ b/libconfuse.spec @@ -1,6 +1,6 @@ Name: libconfuse Version: 3.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A configuration file parser library License: ISC @@ -82,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/confuse %changelog +* Tue Jan 26 2021 Fedora Release Engineering - 3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Tue Jul 28 2020 Fedora Release Engineering - 3.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From c7a54f7d2b3c67660d1ad73920be2b5e5bd77f84 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 22 Jul 2021 11:07:45 +0000 Subject: [PATCH 4/7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- libconfuse.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libconfuse.spec b/libconfuse.spec index ea01f4b..d691a28 100644 --- a/libconfuse.spec +++ b/libconfuse.spec @@ -1,6 +1,6 @@ Name: libconfuse Version: 3.3 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A configuration file parser library License: ISC @@ -82,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/confuse %changelog +* Thu Jul 22 2021 Fedora Release Engineering - 3.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Tue Jan 26 2021 Fedora Release Engineering - 3.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From 10e85ae06ab4ec85424dd795b5e6746b31742754 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 20 Jan 2022 15:56:47 +0000 Subject: [PATCH 5/7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- libconfuse.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libconfuse.spec b/libconfuse.spec index d691a28..4cb1171 100644 --- a/libconfuse.spec +++ b/libconfuse.spec @@ -1,6 +1,6 @@ Name: libconfuse Version: 3.3 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A configuration file parser library License: ISC @@ -82,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/confuse %changelog +* Thu Jan 20 2022 Fedora Release Engineering - 3.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Thu Jul 22 2021 Fedora Release Engineering - 3.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From 2690d3ddafc27f1116b4418d65bc987fead698f8 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 21 Jul 2022 17:30:35 +0000 Subject: [PATCH 6/7] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- libconfuse.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libconfuse.spec b/libconfuse.spec index 4cb1171..3378c56 100644 --- a/libconfuse.spec +++ b/libconfuse.spec @@ -1,6 +1,6 @@ Name: libconfuse Version: 3.3 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A configuration file parser library License: ISC @@ -82,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/confuse %changelog +* Thu Jul 21 2022 Fedora Release Engineering - 3.3-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Thu Jan 20 2022 Fedora Release Engineering - 3.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From 015d41be636f5e500f9dd0bf1e24fc722f006c36 Mon Sep 17 00:00:00 2001 From: Gwyn Ciesla Date: Mon, 12 Sep 2022 08:50:12 -0500 Subject: [PATCH 7/7] Patch for CVE-2022-40320 --- ...77c2c3566fb2647727bb56d9a2295b81669b.patch | 25 +++++++++++++++++++ libconfuse.spec | 9 ++++++- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 d73777c2c3566fb2647727bb56d9a2295b81669b.patch diff --git a/d73777c2c3566fb2647727bb56d9a2295b81669b.patch b/d73777c2c3566fb2647727bb56d9a2295b81669b.patch new file mode 100644 index 0000000..616c94e --- /dev/null +++ b/d73777c2c3566fb2647727bb56d9a2295b81669b.patch @@ -0,0 +1,25 @@ +--- src/confuse.c~ 2020-06-21 15:53:26.000000000 -0500 ++++ src/confuse.c 2022-09-12 08:41:44.448638314 -0500 +@@ -1865,16 +1865,19 @@ + } else { + /* ~user or ~user/path */ + char *user; ++ size_t len; + + file = strchr(filename, '/'); + if (file == 0) + file = filename + strlen(filename); + +- user = malloc(file - filename); +- if (!user) ++ len = file - filename - 1; ++ user = malloc(len + 1); ++ if (!user) + return NULL; + +- strncpy(user, filename + 1, file - filename - 1); ++ strncpy(user, &filename[1], len); ++ user[len] = 0; + passwd = getpwnam(user); + free(user); + } diff --git a/libconfuse.spec b/libconfuse.spec index 3378c56..eb1777d 100644 --- a/libconfuse.spec +++ b/libconfuse.spec @@ -1,12 +1,14 @@ Name: libconfuse Version: 3.3 -Release: 6%{?dist} +Release: 7%{?dist} Summary: A configuration file parser library License: ISC URL: https://github.com/martinh/libconfuse Source0: https://github.com/martinh/libconfuse/releases/download/v%{version}/confuse-%{version}.tar.gz +Patch0: d73777c2c3566fb2647727bb56d9a2295b81669b.patch + BuildRequires: gcc BuildRequires: check-devel, pkgconfig BuildRequires: perl-interpreter @@ -39,6 +41,8 @@ Development files for %{name}. %setup -q -n confuse-%{version} perl -pi.orig -e 's|confuse.h|../src/confuse.h|g' tests/check_confuse.c +%patch0 -p0 + %build %configure --enable-shared --disable-static make %{?_smp_mflags} AM_CFLAGS="-Wall -Wextra" @@ -82,6 +86,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/confuse %changelog +* Mon Sep 12 2022 Gwyn Ciesla - 3.3-7 +- Patch for CVE-2022-40320 + * Thu Jul 21 2022 Fedora Release Engineering - 3.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild